Landing zone
A landing zone is a well-architected, multi-account AWS environment that is a starting point from which you can deploy workloads and applications. It provides a baseline to get started with multi-account architecture, identity and access management, governance, data security, network design, and logging.
AWS has two options for creating your landing zone: a service-based landing zone using
AWS Control Tower
AWS created Control Tower to help you save time by automating the setup of a landing zone
so you can run secure and scalable workloads. Control Tower is managed by AWS and uses best
practices and guidelines to help you create your foundational environment. Control Tower uses
integrated services like AWS Service
Catalog
Objectives
Create a landing zone with an initial configuration for the following:
-
Account structure
-
Network structure
-
Predefined identity and billing frameworks
-
Predefined user-selectable packages
-
Ability to customize and configure
Outcomes
-
A defined and secure landing zone ready for migration and further customization